System.Data.SQLite
View Ticket
Not logged in
Ticket UUID: 1c456ae75fb9f2dd816d1c63cf8a29710893cd12
Title: Connection String parsing doesn't handle quoted semicolons
Status: Closed Type: Code_Defect
Severity: Important Priority: Medium
Subsystem: Connection Resolution: Works_As_Designed
Last Modified: 2013-02-07 04:40:06
Version Found In: 1.0.83.0
User Comments:
anonymous added on 2013-02-05 23:46:45:
Check-in [36bb982dd7] introduced a change to SQLiteConnection.cs (http://system.data.sqlite.org/index.html/fdiff?v1=d03ae8eb97caae2f&v2=aa259cba1b6765e4) that causes it to no longer handle quoted connection string values that contain embedded semicolons.

As per the code comments (lines 1338-39), "The Split() function of SQLiteBase accounts for and properly skips semi-colons in quoted strings". However, this function call was replaced with string.Split in this commit, which introduces the bug.

A short program that reproduces the problem (by opening a database with a semicolon in the filename) follows:

SQLiteConnectionStringBuilder csb = new SQLiteConnectionStringBuilder { DataSource = @"C:\Temp\database.sqlite" };
Console.WriteLine(csb.ConnectionString);
using (SQLiteConnection connection = new SQLiteConnection(csb.ConnectionString))
{
	connection.Open();
	Console.WriteLine("success");
}

csb = new SQLiteConnectionStringBuilder { DataSource = @"C:\Temp\data;base.sqlite" };
Console.WriteLine(csb.ConnectionString);
using (SQLiteConnection connection = new SQLiteConnection(csb.ConnectionString))
{
	connection.Open(); // *** FAILS HERE WITH ARGUMENTEXCEPTION ***
	Console.WriteLine("success");
}

anonymous added on 2013-02-05 23:50:35:
Minor update: Bug was first introduced in 1.0.83.0.

mistachkin added on 2013-02-07 01:37:00:
In theory, this issue impacts the "Data Source", "Uri", "Full Uri", and
"Password" properties.

However, the "Uri" and "FullUri" properties are of type URI, which does not
allow un-escaped semicolons, per RFC 3986.

The "Data Source" property is a file name.  Technically, these are allowed to 
contain semicolons on Windows; however, this is bad practice for several reasons:

1. They may be easily confused with colons.
2. They are the connection string property separator (i.e. this issue).
3. They may not be portable to other operating systems and/or environments.

Finally, the "Password" property is free-form text.  I propose solving this
issue by adding an alternative property named "HexPassword" that allows an
arbitrary sequence of bytes to be specified as the password via hexadecimal
encoding.

mistachkin added on 2013-02-07 04:40:06:
The HexPassword connection string property has been added by check-in
[d33b63cd51] on trunk.

Per the previous comment, the remaining issue(s) are by design.